All City of Toronto staff have legal obligations when collecting personal information from the public. This fact sheet defines personal information and outlines City staff’s responsibilities when collecting personal information.
Personal information is defined in the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) as recorded information about an identifiable individual.
Personal information is information about individuals in a personal capacity. Information about an individual’s business, official, or professional capacity is not personal information. Personal information includes:
Personal information does not include:
Source: Municipal Freedom of Information & Protection of Privacy Act, R.S.O. 1990, c. M.56, s. 2 (2)
City staff may collect personal information through a number of methods (e.g. paper or electronic forms, surveys, sign-up sheets, social media, web applications, registration systems).
Staff must ensure that there is a City by-law or legal statute that gives the division the authority to collect personal information for a specific stated purpose, e.g. to issue a swim pass, conduct a survey, or provide shelter services.
Source: Municipal Freedom of Information & Protection of Privacy Act, R.S.O. 1990, c. M.56, s. 28
The City is obligated by law to inform individuals of the purpose for collecting personal information through a “Notice of Collection” statement. This notice must include three elements:
Yes, not from third party sources, such as social media sources or websites. There are some exceptions, for example:
Source: Municipal Freedom of Information & Protection of Privacy Act, R.S.O. 1990, c. M.56, s. 29 (1)
The City Clerk’s Office reviews personal information collection methods e.g. forms, surveys, telephone, or over-the-counter registration with divisions. This review ensures compliance with legislation, corporate identity standards, and the Accessibility for Ontarians with Disabilities Act (AODA).
Divisions are responsible for ensuring personal information is protected from unauthorized access, use, destruction, or disclosure including: